Sample Questions and Answers
What is a “man-in-the-middle” attack in the context of encryption?
A. Intercepting and altering communications between two parties without detection
B. Guessing passwords by brute force
C. Encrypting data improperly
D. Stealing keys physically
Answer: A. Intercepting and altering communications between two parties without detection
Explanation: The attacker secretly relays or alters messages between communicating parties.
What is the key benefit of using hardware security modules (HSMs)?
A. Increased computational speed
B. Secure generation and storage of cryptographic keys in tamper-resistant hardware
C. They replace encryption algorithms
D. They compress data
Answer: B. Secure generation and storage of cryptographic keys in tamper-resistant hardware
Explanation: HSMs protect keys from unauthorized access and physical tampering.
Which cryptographic algorithm was developed by the NSA and is widely used for U.S. government communications?
A. AES
B. DES
C. RSA
D. SHA-256
Answer: A. AES
Explanation: AES is the standard encryption algorithm approved by the U.S. government.
What does “forward secrecy” mean in encryption protocols?
A. Past communications remain secure even if long-term keys are compromised in the future
B. Keys never expire
C. Encryption only works one way
D. Keys are stored permanently
Answer: A. Past communications remain secure even if long-term keys are compromised in the future
Explanation: Forward secrecy uses ephemeral keys for each session.
What is the role of the ‘salt’ in password hashing?
A. To encrypt the password
B. To add uniqueness and prevent attacks like rainbow table lookups
C. To compress the password
D. To decrypt the password
Answer: B. To add uniqueness and prevent attacks like rainbow table lookups
Explanation: Salt adds random data to each password before hashing.
Which cryptographic standard replaced DES due to security concerns?
A. RSA
B. AES
C. Blowfish
D. 3DES
Answer: B. AES
Explanation: AES replaced DES because DES’s 56-bit key was too short and vulnerable.
What is the primary difference between symmetric and asymmetric encryption regarding speed?
A. Asymmetric encryption is faster than symmetric
B. Symmetric encryption is faster than asymmetric
C. Both have the same speed
D. Speed depends on key length only
Answer: B. Symmetric encryption is faster than asymmetric
Explanation: Symmetric algorithms are computationally less intensive.
What is the main advantage of using elliptic curve cryptography (ECC)?
A. Smaller key size with equivalent security compared to RSA
B. Faster hashing
C. Easier key distribution
D. It is a symmetric key algorithm
Answer: A. Smaller key size with equivalent security compared to RSA
Explanation: ECC achieves strong security with smaller keys, which improves efficiency.
What does “key escrow” mean?
A. Storing cryptographic keys with a trusted third party for recovery or law enforcement
B. Encrypting keys permanently
C. Destroying keys after use
D. Generating keys randomly
Answer: A. Storing cryptographic keys with a trusted third party for recovery or law enforcement
Explanation: Key escrow allows authorized parties to access encrypted data if needed.
What is the main vulnerability of the WEP encryption protocol?
A. It uses a weak key scheduling algorithm and IV reuse leading to easy key recovery
B. It uses RSA encryption
C. It does not use any encryption
D. It requires too long keys
Answer: A. It uses a weak key scheduling algorithm and IV reuse leading to easy key recovery
Explanation: WEP’s RC4 implementation and IV reuse allow attackers to recover keys quickly.
What cryptographic method is used in TLS to establish a secure session?
A. Symmetric key exchange only
B. Asymmetric key exchange followed by symmetric encryption
C. Plaintext communication
D. Hashing only
Answer: B. Asymmetric key exchange followed by symmetric encryption
Explanation: TLS uses asymmetric encryption for key exchange, then symmetric encryption for bulk data.
Which of the following is NOT an example of a cryptographic hash function?
A. SHA-256
B. MD5
C. AES
D. SHA-3
Answer: C. AES
Explanation: AES is a symmetric encryption algorithm, not a hash function.
What is the role of the Initialization Vector (IV) in block cipher modes like CBC?
A. To provide randomness and ensure that identical plaintext blocks encrypt to different ciphertexts
B. To store the key
C. To compress the data
D. To decrypt ciphertext
Answer: A. To provide randomness and ensure that identical plaintext blocks encrypt to different ciphertexts
Explanation: IV ensures uniqueness in ciphertext for the same plaintext input.
What does “non-repudiation” mean in digital communications?
A. The sender cannot deny having sent the message
B. The message is encrypted
C. The message is compressed
D. The message is authenticated by hashing
Answer: A. The sender cannot deny having sent the message
Explanation: Digital signatures provide non-repudiation.
Which of these is a public key cryptography algorithm?
A. AES
B. DES
C. RSA
D. Blowfish
Answer: C. RSA
Explanation: RSA uses a public/private key pair.
What is the main use of the Diffie-Hellman algorithm?
A. Encrypt messages
B. Securely exchange cryptographic keys over an insecure channel
C. Generate digital signatures
D. Hash passwords
Answer: B. Securely exchange cryptographic keys over an insecure channel
Explanation: Diffie-Hellman enables key exchange without sharing the key directly.
Which of the following best describes a “collision” in cryptographic hash functions?
A. Two different inputs produce the same hash output
B. A hash is reversed to get the input
C. Hashes are encrypted twice
D. Hash is longer than input
Answer: A. Two different inputs produce the same hash output
Explanation: Collisions reduce hash function security.
Which encryption algorithm is considered quantum-resistant?
A. RSA
B. AES
C. Lattice-based cryptography
D. DES
Answer: C. Lattice-based cryptography
Explanation: Lattice-based algorithms are believed to be resistant to quantum attacks.
What is a “trapdoor function” in cryptography?
A. A function easy to compute but hard to invert without a secret
B. A function that compresses data
C. A function that encrypts data with a symmetric key
D. A hashing function
Answer: A. A function easy to compute but hard to invert without a secret
Explanation: Trapdoor functions underlie asymmetric cryptography.
What does the acronym “PKI” stand for?
A. Private Key Infrastructure
B. Public Key Infrastructure
C. Personal Key Identification
D. Private Key Identification
Answer: B. Public Key Infrastructure
Explanation: PKI manages public keys and digital certificates.
What is the main purpose of digital certificates?
A. To prove the identity of entities by binding a public key to a subject
B. To encrypt messages
C. To compress files
D. To generate keys
Answer: A. To prove the identity of entities by binding a public key to a subject
Explanation: Certificates validate public keys.
Which of the following is true about AES key sizes?
A. AES supports 128, 192, and 256-bit keys
B. AES supports only 64-bit keys
C. AES keys are always 512 bits
D. AES key size does not affect security
Answer: A. AES supports 128, 192, and 256-bit keys
Explanation: Different key sizes offer different levels of security.
What is the primary weakness of MD5 as a hash function?
A. Vulnerable to collision attacks
B. Too slow
C. Too complex
D. Uses symmetric encryption
Answer: A. Vulnerable to collision attacks
Explanation: MD5 collisions allow attackers to forge hashes.
In asymmetric encryption, which key encrypts data that only the corresponding key can decrypt?
A. Public key encrypts, private key decrypts
B. Private key encrypts, public key decrypts
C. Both keys encrypt and decrypt interchangeably
D. Symmetric key encrypts
Answer: A. Public key encrypts, private key decrypts
Explanation: Public key is used to encrypt; private key decrypts.
What cryptographic method is used to verify data integrity?
A. Encryption
B. Hashing
C. Compression
D. Key exchange
Answer: B. Hashing
Explanation: Hashing generates a fixed-size digest that changes if data is altered.
What is the main security feature provided by digital signatures?
A. Confidentiality
B. Authentication and integrity
C. Compression
D. Key exchange
Answer: B. Authentication and integrity
Explanation: Digital signatures prove the origin and integrity of a message.
Which of these algorithms is considered a symmetric block cipher?
A. RSA
B. AES
C. Diffie-Hellman
D. SHA-256
Answer: B. AES
Explanation: AES encrypts data in fixed-size blocks using symmetric keys.
What is the purpose of the “padding” in block cipher encryption?
A. To fill the last block to the required size if plaintext isn’t a multiple of the block size
B. To encrypt the data
C. To compress the message
D. To generate keys
Answer: A. To fill the last block to the required size if plaintext isn’t a multiple of the block size
Explanation: Padding ensures full blocks for encryption algorithms.
What does a “nonce” provide in encryption protocols?
A. A unique number to ensure freshness and prevent replay attacks
B. A symmetric key
C. A compression method
D. A hash function
Answer: A. A unique number to ensure freshness and prevent replay attacks
Explanation: Nonces prevent reuse of old messages.
Which of the following is NOT a feature of asymmetric encryption?
A. Uses a key pair
B. Requires less computational power than symmetric encryption
C. Supports digital signatures
D. Enables secure key exchange
Answer: B. Requires less computational power than symmetric encryption
Explanation: Asymmetric encryption is generally more computationally intensive.
What is a “ciphertext-only attack”?
A. An attack where only ciphertext is available to the attacker for cryptanalysis
B. An attack that requires plaintext and ciphertext
C. An attack that modifies the ciphertext
D. A brute force attack on keys
Answer: A. An attack where only ciphertext is available to the attacker for cryptanalysis
Explanation: The attacker tries to deduce plaintext or keys from ciphertext alone.
What is the role of the “key length” in encryption algorithms?
A. Determines the security level by increasing possible key combinations
B. Determines the size of the plaintext
C. Compresses the data
D. Hashes the data
Answer: A. Determines the security level by increasing possible key combinations
Explanation: Longer keys make brute force attacks more difficult.
Which mode of operation for block ciphers turns a block cipher into a stream cipher?
A. ECB
B. OFB
C. CBC
D. CFB
Answer: B. OFB
Explanation: Output Feedback mode produces a keystream for encryption one bit or byte at a time.
What is the difference between a MAC and an HMAC?
A. HMAC uses a cryptographic hash function with a secret key; MAC is more general
B. MAC is faster than HMAC
C. MAC uses a secret key, HMAC does not
D. Both are the same
Answer: A. HMAC uses a cryptographic hash function with a secret key; MAC is more general
Explanation: HMAC is a specific type of MAC using hash functions.